CMMC


Summary

The Cybersecurity Maturity Model Certification (CMMC) program enhances cyber protection standards for companies in the Defense Industrial Base (DIB). It is aimed at measuring the maturity of an organization's cybersecurity processes (process institutionalization). The version used in this section is CMMC 2.0.


Definitions

Definition | Requirements
CMMC-AC_L1-3_1_1. Authorized access control
CMMC-AC_L1-3_1_2. Transaction & function control
CMMC-AC_L1-3_1_20. External connections
CMMC-AC_L1-3_1_22. Control public information
CMMC-AC_L2-3_1_3. Control CUI flow
CMMC-AC_L2-3_1_4. Separation of duties
CMMC-AC_L2-3_1_5. Least privilege
CMMC-AC_L2-3_1_6. Non-privileged account use
CMMC-AC_L2-3_1_7. Privileged functions
CMMC-AC_L2-3_1_8. Unsuccessful logon attempts
CMMC-AC_L2-3_1_9. Privacy & security notices
CMMC-AC_L2-3_1_10. Session lock
CMMC-AC_L2-3_1_11. Session termination
CMMC-AC_L2-3_1_12. Control remote access
CMMC-AC_L2-3_1_13. Remote access confidentiality
CMMC-AC_L2-3_1_14. Remote access routing
CMMC-AC_L2-3_1_15. Privileged remote access
CMMC-AC_L2-3_1_16. Wireless access authorization
CMMC-AC_L2-3_1_17. Wireless access protection
CMMC-AC_L2-3_1_18. Mobile device connection
CMMC-AC_L2-3_1_19. Encrypt CUI on mobile
CMMC-AC_L2-3_1_21. Portable storage use
CMMC-AT_L2-3_2_1. Role-based risk awareness
CMMC-AU_L2-3_3_1. System audit
CMMC-AU_L2-3_3_2. User accountability
CMMC-AU_L2-3_3_3. Event review
CMMC-AU_L2-3_3_4. Audit failure alerting
CMMC-AU_L2-3_3_7. Authoritative time source
CMMC-AU_L2-3_3_8. Audit protection
CMMC-AU_L2-3_3_9. Audit management
CMMC-CM_L2-3_4_2. Security configuration enforcement
CMMC-CM_L2-3_4_3. System change management
CMMC-CM_L2-3_4_5. Access restrictions for change
CMMC-CM_L2-3_4_6. Least functionality
CMMC-CM_L2-3_4_7. Nonessential functionality
CMMC-CM_L2-3_4_8. Application execution policy
CMMC-CM_L2-3_4_9. User-installed software
CMMC-IA_L1-3_5_2. Authentication
CMMC-IA_L2-3_5_3. Multifactor authentication
CMMC-IA_L2-3_5_4. Replay-resistant authentication
CMMC-IA_L2-3_5_5. Identifier reuse
CMMC-IA_L2-3_5_6. Identifier handling
CMMC-IA_L2-3_5_7. Password complexity
CMMC-IA_L2-3_5_8. Password reuse
CMMC-IA_L2-3_5_9. Temporary passwords
CMMC-IA_L2-3_5_10. Cryptographically-protected passwords
CMMC-MA_L2-3_7_3. Equipment sanitization
CMMC-MA_L2-3_7_4. Media inspection
CMMC-MA_L2-3_7_5. Nonlocal maintenance
CMMC-MP_L1-3_8_3. Media disposal
CMMC-MP_L2-3_8_1. Media protection
CMMC-MP_L2-3_8_2. Media access
CMMC-MP_L2-3_8_5. Media accountability
CMMC-MP_L2-3_8_6. Portable storage encryption
CMMC-MP_L2-3_8_7. Removable media
CMMC-MP_L2-3_8_8. Shared media
CMMC-PE_L1-3_10_1. Limit physical access
CMMC-PE_L1-3_10_4. Physical access logs
CMMC-PE_L1-3_10_5. Manage physical access
CMMC-PE_L2-3_10_6. Alternative work sites
CMMC-RA_L2-3_11_2. Vulnerability scan
CMMC-CA_L2-3_12_2. Plan of action
CMMC-CA_L2-3_12_3. Security control monitoring
CMMC-SC_L1-3_13_1. Boundary protection
CMMC-SC_L1-3_13_5. Public-access system separation
CMMC-SC_L2-3_13_3. Role separation
CMMC-SC_L2-3_13_4. Shared resource control
CMMC-SC_L2-3_13_6. Network communication by exception
CMMC-SC_L2-3_13_7. Split tunneling
CMMC-SC_L2-3_13_8. Data in transit
CMMC-SC_L2-3_13_9. Connections termination
CMMC-SC_L2-3_13_10. Key management
CMMC-SC_L2-3_13_13. Mobile code
CMMC-SC_L2-3_13_15. Communications authenticity
CMMC-SC_L2-3_13_16. Data at rest
CMMC-SI_L1-3_14_2. Malicious code protection
CMMC-SI_L1-3_14_4. Update malicious code protection
CMMC-SI_L1-3_14_5. System & file scanning
CMMC-SI_L2-3_14_3. Security alerts & advisories
CMMC-SI_L2-3_14_7. Identify unauthorized use

Last updated

2023/09/18